Community discussions

MikroTik App
 
User avatar
giannakoz
just joined
Topic Author
Posts: 6
Joined: Sat Feb 21, 2015 1:10 am
Location: Scotland

Which router/switch for distributing to 10 individual RouterBOARDs 951-2n??

Mon Jun 07, 2021 5:44 pm

Hello MikroTik gurus.

Coming back after 5 years from this topic, credits to @Quindor, I am back requiring an upgrade.
If you happen to look on the old post you will see that I wanted to share the internet bandwidth among rental property, home and office. Unfortunately, this is not possible anymore and the plans are changed a bit.

We are currently having a major upgrade from our ISP provider and right now the road is sliced to install fibre to the home!!! FTTH). The speed I have selected is 200Mbps down / 20Mbps up and the supplied modem is NOKIA ONT. I have installed (five years ago) FTP 4*2*23AWG cable (ISO/IEC 11801, CAT6 TIA/EIA 568C.2) to each studio and terminate it to a RouterBOARD 951 2n with POE.
All cables run down to a cabinet where the new modem will be located.


I am looking for a router/switch to distribute equally (QOS/PCQ???) the available bandwidth to 10 RouterBOARDs. (Each RouterBOARD to appear as individual WiFi network. e.g. Studio1.1, Studio1.2, Studio2.1 etc..)
I understand that the limit because of POE and actual board is down to 54Mbps per device but I don't expect the building to have only 1 tenant at any given time.
ISP offers dynamic IP...

Other essential parameters are:
• No other user can see another RouterBOARD (private network,WiFi),
• No internal traffic between RouterBOARD-to-RouterBOARD unless each user wants to have traffic within his/her own RouterBOARD.
• Remote managing is key especially when new tenant arrives to set a new password for the individual RouterBOARD.
Optional parameters:
• 10*POE out ports to power RouterBOARD 951 2n (max cable length 30meters)
• Limit to 1 voip call at a time per RouterBOARD
• USB output to use a relay and cut off the modem power remotely if required
netPower 16P or CRS328-24P-4S+RM looks like a good candidate to me but my knowledge on Mikrotik and routing is very limited. Last time the programming was done by one of my friends but most probably this time I'll have to find a professional (any recommendations welcome)....

Thanks again for your time and your patience :)

*PS. attached diagram

**If you have another recommendation on equipment feel free to commend. (I'm flexible to alterations as long as RouterBOARD 951 2n are used) ((Could that work?? RB4011iGS+RM with an SFP to rj45....))
 
mada3k
Long time Member
Long time Member
Posts: 686
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Which router/switch for distributing to 10 individual RouterBOARDs 951-2n??  [SOLVED]

Mon Jun 07, 2021 6:59 pm

It sounds like you need to do some NAT and queues, then you most probably need a router. However, the CRS328 has a decent CPU and actually can act as a router/firewall as well.
 
User avatar
giannakoz
just joined
Topic Author
Posts: 6
Joined: Sat Feb 21, 2015 1:10 am
Location: Scotland

Re: Which router/switch for distributing to 10 individual RouterBOARDs 951-2n??

Tue Jun 08, 2021 10:19 pm

It sounds like you need to do some NAT and queues, then you most probably need a router. However, the CRS328 has a decent CPU and actually can act as a router/firewall as well.
Thanks for the reply mada3k
I wasn't sure if crs328 was able to handle such a load
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Which router/switch for distributing to 10 individual RouterBOARDs 951-2n??

Tue Jun 08, 2021 11:24 pm

I wasn't sure if crs328 was able to handle such a load

With some luck it will ... but there's no guarantee. If you look at official test results ... and concentrate on Ethernet test results table, you'll see some routing performance numbers. Experience goes that if you have to pick a number from that table, the one best resembling real-life experience is the one in "Routing - 25 ip filter rules" row and "512 byte packet size" column. For CRS328 the number is around 270 Mbps ... and that's duplex number, your requirement is 220 Mbps. If you throw in some fancy packet processing (e.g. combination of firewalling and queueing), then achievable throughput will drop even further.

And the reasoning is the same for any mikrotik device which does packet processing in software using main CPU - the exception is only CRS3xx line running ROS v7 which can (partially) offload routing to hardware (ROS v7 is in early beta stage and should not be used in any kind of production environment).

My suggestion: get a PoE switch (either CRS318-16P-2S+OUT - netPower 16P or CRS328-24P-4S+RM would do, so selection will be done according to case format and number of RJ45 ports) and a proper router, a RB4011 would do very nicely. Either of switches would allow you to terminate ISP's optical cable at switch and use second SFP+ port to connect RB4011 as a true "router on a stick", i.e. only connection of RB4011 with any other device would be the said SFP+ connection and both internet and LAN data would pass same connection, which would use VLAN tags to separate both streams. The rest of network could be either untagged or tagged, depending on what would be configured on RB951-2n devices (e.g. you could use all tagged connections to hide management interfaces of those units from residents of apartments).
 
User avatar
giannakoz
just joined
Topic Author
Posts: 6
Joined: Sat Feb 21, 2015 1:10 am
Location: Scotland

Re: Which router/switch for distributing to 10 individual RouterBOARDs 951-2n??

Thu Jun 10, 2021 3:23 pm

I wasn't sure if crs328 was able to handle such a load

With some luck it will ... but there's no guarantee. If you look at official test results ... and concentrate on Ethernet test results table, you'll see some routing performance numbers. Experience goes that if you have to pick a number from that table, the one best resembling real-life experience is the one in "Routing - 25 ip filter rules" row and "512 byte packet size" column. For CRS328 the number is around 270 Mbps ... and that's duplex number, your requirement is 220 Mbps. If you throw in some fancy packet processing (e.g. combination of firewalling and queueing), then achievable throughput will drop even further.

And the reasoning is the same for any mikrotik device which does packet processing in software using main CPU - the exception is only CRS3xx line running ROS v7 which can (partially) offload routing to hardware (ROS v7 is in early beta stage and should not be used in any kind of production environment).

My suggestion: get a PoE switch (either CRS318-16P-2S+OUT - netPower 16P or CRS328-24P-4S+RM would do, so selection will be done according to case format and number of RJ45 ports) and a proper router, a RB4011 would do very nicely. Either of switches would allow you to terminate ISP's optical cable at switch and use second SFP+ port to connect RB4011 as a true "router on a stick", i.e. only connection of RB4011 with any other device would be the said SFP+ connection and both internet and LAN data would pass same connection, which would use VLAN tags to separate both streams. The rest of network could be either untagged or tagged, depending on what would be configured on RB951-2n devices (e.g. you could use all tagged connections to hide management interfaces of those units from residents of apartments).
Thanks for your anwer.
I'll follow your advice and purchase one router and a modem (4011). Unfortunately the ISP provider doesn't let us use the fibre cable directly into any unauthorised device and delivers all modems in "black box" mode where no changes are allowed. The modem is already pre-configured to run in [bridge mode].

Who is online

Users browsing this forum: CaptainRisky, GoogleOther [Bot] and 14 guests